a list of disposable and temporary email address domains

Martin Cech a9a770a9b2 Merge pull request #159 from jpatte/master 3 years ago
.travis.yml 4f21e5c8a1 add check for public suffix 3 years ago
README.md 862ee297ae shorten c# example code 3 years ago
disposable_email_blacklist.conf 1cdf087df0 add lzoaq.com to blacklist 3 years ago
requirements.txt c21350a15b use the altest version of PSL database 3 years ago
verify.py c21350a15b use the altest version of PSL database 3 years ago
whitelist.conf 5e823d5bcc Move "nus.edu.sg" to whitelist 3 years ago


List of disposable email domains

Licensed under CC0

This repo contains a list of disposable and temporary email address domains often used to register dummy users in order to spam/abuse some services.

Originally collected to filter new user registration at https://usegalaxy.org and later merged with other lists found online. I cannot guarantee all of these can still be considered disposable but they probably were at one point in time.


The file whitelist.conf gathers email domains that are often identified as disposable but in fact are not.

Example Usage


blacklist = ('disposable_email_blacklist.conf')
blacklist_content = [line.rstrip() for line in blacklist.readlines()]
if email.split('@')[1] in blacklist_content:
    message = "Please enter your permanent email address."
    return (False, message)
    return True

Available as PyPI module thanks to @di

>>> from disposable_email_domains import blacklist
>>> 'bearsarefuzzy.com' in blacklist

PHP contributed by @txt3rob, @deguif and @pjebs

function is_disposable_email($email) {
  $path = realpath(dirname(__FILE__)) . '/disposable_email_blacklist.conf';
  $mail_domains_ko = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
  $mail_domains_ko = array_fill_keys($mail_domains_ko, true);
  $domain = mb_strtolower(explode('@', trim($email))[1]);
  return (isset($mail_domains_ko[$domain]) || array_key_exists($domain, $mail_domains_ko));

Ruby on Rails contributed by @MitsunChieh

In resource model, usually it is user.rb

before_validation :reject_email_blacklist

def reject_email_blacklist
  blacklist = File.read('config/disposable_email_blacklist.conf').split("\n")

  if blacklist.include?(email.split('@')[1])
    errors[:email] << 'invalid email'
    return false
    return true

NodeJs contributed by @martin-fogelman

'use strict';

const readline = require('readline'),
  fs = require('fs');

const input = fs.createReadStream('./disposable_email_blacklist.conf'),
  output = [],
  rl = readline.createInterface({input});

rl.on('line', (line) => {
  console.log(`Processing line ${output.length}`);

rl.on('close', () => {
  try {
    const json = JSON.stringify(output);
    fs.writeFile('disposable_email_blacklist.json', json, () => console.log('--- FINISHED ---'));
  } catch (e) {


private static readonly Lazy<HashSet<string>> _emailBlackList = new Lazy<HashSet<string>>(() =>
  var lines = File.ReadLines("disposable_email_blacklist.conf")
    .Where(line => !string.IsNullOrWhiteSpace(line) && !line.TrimStart().StartsWith("//"));
  return new HashSet<string>(lines, StringComparer.OrdinalIgnoreCase);

private static bool IsBlacklisted(string domain) => _emailBlackList.Value.Contains(domain);


var addr = new MailAddress(email);
if (IsBlacklisted(addr.Host)))
  throw new ApplicationException("Email is blacklisted.");


Feel free to create PR with additions or request removal of some domain (with reasons).


$ cat disposable_email_blacklist.conf your_file | tr '[:upper:]' '[:lower:]' | sort -f | uniq -i > new_file.conf

$ comm -23 new_file.conf whitelist.conf > disposable_email_blacklist.conf

to add contents of another file in the same format (only second level domains on new line without @). It also converts uppercase to lowercase, sorts, removes duplicates and removes whitelisted domains.


  • 7/31/17 @deguif joined as a core maintainer of this project. Thanks!

  • 12/6/16 - Available as PyPI module thanks to @di

  • 7/27/16 - Converted all domains to the second level. This means that starting from this commit the implementers should take care of matching the second level domain names properly i.e. @xxx.yyy.zzz should match yyy.zzz in blacklist more info in #46